diff --git a/testssl.sh b/testssl.sh index 15d8cad..a4b0f94 100755 --- a/testssl.sh +++ b/testssl.sh @@ -10693,8 +10693,6 @@ run_beast(){ if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then outln pr_headlineln " Testing for BEAST vulnerability " - fi - if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then outln fi pr_bold " BEAST"; out " ($cve) " @@ -10907,10 +10905,11 @@ run_beast(){ if "$vuln_beast"; then if [[ -n "$higher_proto_supported" ]]; then if "$WIDE"; then - outln + outln; out " " # NOT ok seems too harsh for me if we have TLS >1.0 pr_svrty_low "VULNERABLE" outln " -- but also supports higher protocols (possible mitigation):$higher_proto_supported" + outln else out "$spaces" pr_svrty_low "VULNERABLE" @@ -10950,8 +10949,9 @@ run_lucky13() { local cwe="CWE-310" local hint="" - [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for LUCKY13 vulnerability " && outln - if [[ $VULN_COUNT -le $VULN_THRESHLD ]] || "$WIDE"; then + if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then + outln + pr_headlineln " Testing for LUCKY13 vulnerability " outln fi pr_bold " LUCKY13"; out " ($cve), experimental " @@ -11023,8 +11023,6 @@ run_rc4() { if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then outln pr_headlineln " Checking for vulnerable RC4 Ciphers " - fi - if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then outln fi pr_bold " RC4"; out " ($cve) " @@ -11231,7 +11229,7 @@ run_rc4() { done ! "$WIDE" && pr_svrty_high "$(out_row_aligned_max_width "$rc4_detected" " " $TERM_WIDTH)" outln - "$WIDE" && pr_svrty_high "VULNERABLE (NOT ok)" + "$WIDE" && out " " && prln_svrty_high "VULNERABLE (NOT ok)" fileout "rc4" "HIGH" "RC4: VULNERABLE, Detected ciphers: $rc4_detected" "$cve" "$cwe" "$hint" elif [[ $nr_ciphers -eq 0 ]]; then prln_local_problem "No RC4 Ciphers configured in $OPENSSL"